home

nbrt-retail-downloader.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from liveupdate.symantecliveupdate.com.
MD5:
1dc9b34c743569bec74af22b5c4d73b2

SHA-1:
ffee80dbe1f176a8cd252509de6cb60f66f61c1e

SHA-256:
a787ff67b8bc5bc0ff77bd492154caa7eb0ce61988cce91641084f442c27922e

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 10:14:35 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Detection.Undefined
7.0.302.0

File size:
860 KB (880,652 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\nbrt-retail-downloader.exe

File PE Metadata
Compilation timestamp:
5/24/2012 7:24:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:fWkFPVhSrkgLL+yYj6yYc0HGWO48ASYW5V0ERVT3n3GvcMTsTN2TjT9lXMxyHt59:OkhgmgykHiEcV5fT3kPYRM3XMxyHFGA

Entry address:
0x1000

Entry point:
B8, 58, 91, 6D, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 59, 0E, E5, 81, 2F, 42, 91, 11, A0, 5A, A9, EC, 1A, 83, A5, DB, B4, AF, 5E, D8, 08, 19, 27, 0A, C1, 6A, 52, 0D, 67, 14, 99, B3, 0B, BD, 4C, B8, 59, 31, 4C, B9, B3, 77, 11, 9A, 81, BB, DC, 34, 74, 2F, 4E, 73, A6, 49, D9, 30, 9B, D9, 78, 60, 61, 91, 10, 5A, CA, AE, F3, FB, BF, 09, 51, F5, BF, 30, 61, 9A, 0C, D3, 6D, D7, 3E, 33, 72, 6B, C6, 39, EE, E0, F1, F4, B8, C8, 24...
 
[+]

Packer / compiler:
PECompact v2

Code size:
2 MB (2,114,560 bytes)

The file nbrt-retail-downloader.exe has been seen being distributed by the following URL.

http://liveupdate.symantecliveupdate.com/upgrade/NSS/NBRTWizard/FSD/Retail/.../NBRT-Retail-Downloader.exe

Scan nbrt-retail-downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.